Posted by Paweł Gocyla on Jul 12

Title: WSO2 SOA Enablement Server – XML External Entity Injection
Authors: Pawel Gocyla, Jakub Palaczynski
Date: 08. June 2016

Affected Software:
==================
WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616
Probably other versions are also vulnerable.

Vulnerability:
**************

XML External Entity Injection:
==============================

It must be noted that this vulnerability is exploitable without…